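# Provider requirements for this root module. Versions are pinned exactly so
# that `terraform init` resolves the same provider builds everywhere.
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "3.74.0"
    }
    # Needed for google_iam_workload_identity_pool, which is beta-only in the
    # 3.x provider line.
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "3.74.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "3.1.0"
    }
    # hashicorp/local is used by the local_file resources that write the
    # Cloud SQL TLS material to disk, but it was not declared here, so its
    # source and version were implicit and unpinned. Declaring the source
    # makes the dependency explicit and backward-compatible.
    # TODO: add a `version` constraint matching the release recorded in the
    # dependency lock file so this provider is pinned like the others.
    local = {
      source = "hashicorp/local"
    }
  }
  # NOTE(review): no `required_version` is set for Terraform itself; consider
  # adding one once the CLI version used by the team is known.
}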
# The GCP project that every resource and module in this root module is
# created in. A concrete project ID is shipped as the default so that
# `terraform apply` works without a tfvars file; override it with `-var` or a
# *.tfvars file when deploying elsewhere.
variable "project" {
  type        = string
  description = "Project ID."
  default     = "hip-wharf-319304"
}
# Region used by the google provider and passed to every regional module.
variable "region" {
  type        = string
  description = "Region."
  default     = "us-central1"
}
# Default zone for the google provider (zonal resources that do not set their
# own zone inherit it). Only the provider block reads this value here.
variable "zone" {
  type        = string
  description = "Zone."
  default     = "us-central1-c"
}
# Default google provider configuration. Credentials are not set here, so the
# provider falls back to the ambient environment (application default
# credentials or GOOGLE_* variables) of whoever runs Terraform.
provider "google" {
  zone    = var.zone
  region  = var.region
  project = var.project
}
# Looks up the project so its metadata (e.g. project number) is available to
# other configuration. Nothing in this file reads it; presumably it is
# consumed by another file in the root module — verify before removing.
data "google_project" "project" {
  project_id = var.project
}
#################### Networking ###########################

# Private VPC and subnetwork; the gke, cloudsql and redis modules below attach
# to the network IDs this module exports.
module "networking" {
  source = "../modules/networking"

  region  = var.region
  project = var.project
}
#################### Workload Identity ####################

# Random suffix for the workload identity pool ID (4 bytes -> 8 hex chars).
# A fresh suffix lets the pool be recreated under a new ID, which is useful
# because deleted pool IDs are presumably not immediately reusable — confirm
# against the IAM docs if you change this.
resource "random_id" "identity_pool" {
  byte_length = 4
}
# Workload identity pool for federating external identities into this
# project. Uses the beta provider because the resource is beta-only in the
# pinned 3.x release. Providers, attribute conditions and IAM bindings on the
# pool are not defined in this file.
resource "google_iam_workload_identity_pool" "identity_pool" {
  provider = google-beta

  workload_identity_pool_id = "identity-pool-${random_id.identity_pool.hex}"
  project                   = var.project
}
#################### KMS ##################################

# Enables the Cloud KMS API; the gke and bigquery modules take this resource
# as an input so they are not created before the API is on.
# disable_dependent_services = true means a `terraform destroy` will also
# disable any API that depends on KMS — destructive for anything else in the
# project that relies on those services.
resource "google_project_service" "cloudkms" {
  service                    = "cloudkms.googleapis.com"
  project                    = var.project
  disable_dependent_services = true
}
#################### GKE ##################################

# GKE cluster placed in the private network. The module receives the KMS API
# resource so it can depend on KMS being enabled (presumably for node or
# etcd encryption keys — that wiring lives inside the module).
module "gke" {
  source = "../modules/gke"

  project      = var.project
  region       = var.region
  machine_type = "e2-standard-2"

  private_network_id    = module.networking.private_network_id
  private_subnetwork_id = module.networking.private_subnetwork_id
  service_cloudkms      = google_project_service.cloudkms

  # Explicit module dependency in addition to the output references above;
  # it makes the cluster wait for everything in networking, not only the two
  # outputs it consumes.
  depends_on = [module.networking]
}
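# Re-enabled the description that had been commented out: outputs accept a
# description alongside value, and it is surfaced by `terraform output` and
# module documentation.
output "gke_connect_command" {
  description = "Command to run to connect to the kubernetes cluster."
  value       = module.gke.gke_connect_command
}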
#################### SQL ##################################

# Cloud SQL instance reachable over the private network. The module exposes
# `instance` (the database instance) and `certificate` (a client certificate
# with its private key), both consumed by the outputs and local_file
# resources below.
module "cloudsql" {
  source = "../modules/cloudsql"

  region             = var.region
  project            = var.project
  private_network_id = module.networking.private_network_id

  depends_on = [module.networking]
}
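# First IP address of the Cloud SQL instance. Uses `[0]` indexing instead of
# the legacy `.0.` attribute syntax; both resolve to the same element.
# NOTE(review): assumes the first entry is the private address implied by the
# private_network_id wiring — confirm, since ip_address ordering is not
# established anywhere in this file.
output "cloudsql_ip_address" {
  description = "IP address for cloudsql database."
  value       = module.cloudsql.instance.ip_address[0].ip_address
}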
# Server CA certificate of the Cloud SQL instance. Marked sensitive so it is
# redacted from plan/apply output; it is still recorded in state.
output "cloudsql_server_certificate" {
  sensitive   = true
  description = "CA certificate."
  value       = module.cloudsql.certificate.server_ca_cert
}
# Client certificate issued by the cloudsql module. Sensitive keeps it out of
# CLI output; the value remains readable by anyone with state access.
output "cloudsql_client_certificate" {
  sensitive   = true
  description = "Client certificate."
  value       = module.cloudsql.certificate.cert
}
# Private key for the client certificate. This is the most sensitive value in
# the file: it lives in Terraform state and in the pgclient.key file written
# below, so state storage and the working directory both need protecting.
output "cloudsql_client_key" {
  sensitive   = true
  description = "Client key."
  value       = module.cloudsql.certificate.private_key
}
# Writes the Cloud SQL server CA next to this configuration so the connection
# string below can reference it by absolute path. Owner-only permissions.
# The files land in path.module — make sure *.crt / *.key here are ignored by
# version control.
resource "local_file" "pgserver_crt" {
  filename             = "${path.module}/pgserver.crt"
  sensitive_content    = module.cloudsql.certificate.server_ca_cert
  directory_permission = "0700"
  file_permission      = "0600"
}
# Client certificate on disk, owner-only, for use with sslcert= in the
# connection string. Keep it out of version control.
resource "local_file" "pgclient_crt" {
  filename             = "${path.module}/pgclient.crt"
  sensitive_content    = module.cloudsql.certificate.cert
  directory_permission = "0700"
  file_permission      = "0600"
}
# Client private key on disk (0600) for sslkey= in the connection string.
# NOTE(review): newer hashicorp/local releases deprecate `sensitive_content`
# in favour of `content`; revisit once the local provider version is pinned.
# This file must never be committed.
resource "local_file" "pgclient_key" {
  filename             = "${path.module}/pgclient.key"
  sensitive_content    = module.cloudsql.certificate.private_key
  directory_permission = "0700"
  file_permission      = "0600"
}
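# Connection URL for the built-in `postgres` user. No password is embedded;
# authentication relies on the client certificate/key written by the
# local_file resources, passed as absolute URL-encoded paths so the URL works
# from any working directory. Uses `[0]` indexing instead of the legacy `.0.`
# syntax for the instance IP (same element).
# sslmode=verify-ca validates the server certificate against the CA but not
# the host name — presumably because the Cloud SQL server cert is issued for
# the instance name rather than its IP; confirm before relying on it.
# NOTE(review): `ssl=true` is not a libpq keyword and may be rejected by
# libpq-based clients; it looks intended for JDBC-style drivers. Left as-is
# because the consuming client is not visible here.
output "cloudsql_connection_string" {
  description = "Connection URL for main user in cloudsql."
  value       = "postgresql://postgres@${module.cloudsql.instance.ip_address[0].ip_address}/postgres?ssl=true&sslmode=verify-ca&sslcert=${urlencode(abspath(local_file.pgclient_crt.filename))}&sslkey=${urlencode(abspath(local_file.pgclient_key.filename))}&sslrootcert=${urlencode(abspath(local_file.pgserver_crt.filename))}"
}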
# Workload-identity service account used for IAM authentication to Cloud SQL.
# The module binds the Kubernetes service account "test-sa" to a GCP service
# account; which roles that account receives is decided inside the module.
module "cloudsql_test_sa" {
  source = "../modules/workload_identity_account"

  k8s_service_account = "test-sa"
  project             = var.project
}
#################### Redis ################################

# Memorystore/Redis instance attached to the private network, so it is only
# reachable from inside the VPC.
module "redis" {
  source = "../modules/redis"

  region             = var.region
  project            = var.project
  private_network_id = module.networking.private_network_id

  depends_on = [module.networking]
}
# Host of the Redis instance (private address; not marked sensitive).
output "redis_host" {
  value       = module.redis.redis_host
  description = "Hostname/IP Address for redis database."
}
# Port the Redis instance listens on.
output "redis_port" {
  value       = module.redis.redis_port
  description = "Port for redis database."
}
#################### Cloudfunction to PubSub ##############

# Cloud Build API, required to build and deploy the Cloud Functions; the two
# cf_* modules take this resource as an input. As with cloudkms,
# disable_dependent_services = true makes destroy disable dependent APIs too.
resource "google_project_service" "cloudbuild" {
  service                    = "cloudbuild.googleapis.com"
  project                    = var.project
  disable_dependent_services = true
}
# Random suffix giving the function source bucket a globally unique name
# (bucket names share one global namespace).
resource "random_id" "cf_bucket_id" {
  byte_length = 4
}
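# Staging bucket for the Cloud Function source archives uploaded by the
# cf_to_pubsub and cf_to_bq modules below.
resource "google_storage_bucket" "bucket" {
  project = var.project
  name    = "cloudfunc-${random_id.cf_bucket_id.hex}"

  # Only deploy artefacts live here, so allowing destroy to remove a
  # non-empty bucket is acceptable.
  force_destroy = true

  # Added: turn off legacy per-object ACLs so access to the deployable code is
  # governed solely by IAM on the bucket.
  uniform_bucket_level_access = true

  # NOTE(review): no `location` is set, so the provider default applies
  # (a multi-region, presumably US); set `location = var.region` if the
  # artefacts must stay in-region. Changing it later forces bucket
  # replacement.
}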
# HTTP-triggered Cloud Function that publishes incoming requests to the
# Pub/Sub topic named in GCP_TOPIC. The publishing identity and whether the
# trigger allows unauthenticated callers are configured inside the module.
module "cf_to_pubsub" {
  source = "../modules/cf_to_pubsub"

  project = var.project
  region  = var.region

  function_name        = "cf-to-pubsub"
  function_source_name = "cf_to_pubsub"
  function_description = "CloudFunction to PubSub"

  source_bucket      = google_storage_bucket.bucket
  service_cloudbuild = google_project_service.cloudbuild

  environment_variables = {
    GCP_TOPIC   = "bigquery-etl"
    GCP_PROJECT = var.project
  }
}
# Public HTTPS trigger URL of the cf-to-pubsub function. Whether callers must
# present an identity token is decided by the module's IAM configuration, not
# here — verify before exposing the URL.
output "cf_to_pubsub_endpoint" {
  value       = module.cf_to_pubsub.https_trigger_url
  description = "https endpoint to log to BigQuery through pubsub."
}
# Second instance of the same function module, writing straight into the
# BigQuery table named in BQ_TABLE (project.dataset.table). Shares the
# source bucket and Cloud Build API resource with cf_to_pubsub.
module "cf_to_bq" {
  source = "../modules/cf_to_pubsub"

  project = var.project
  region  = var.region

  function_name        = "cf-to-bq"
  function_source_name = "cf_to_bq"
  function_description = "CloudFunction to BigQuery"

  source_bucket      = google_storage_bucket.bucket
  service_cloudbuild = google_project_service.cloudbuild

  environment_variables = {
    BQ_TABLE = "${var.project}.pubsub_etl.pubsub_etl"
  }
}
# HTTPS trigger URL of the cf-to-bq function; same caveat as
# cf_to_pubsub_endpoint regarding caller authentication.
output "cf_to_bq_endpoint" {
  value       = module.cf_to_bq.https_trigger_url
  description = "https endpoint to log to BigQuery directly."
}
#################### PubSub to BigQuery ###################

# BigQuery dataset/table and the Pub/Sub-to-BigQuery path. Receives the KMS
# API resource so it can depend on KMS being enabled (presumably for
# customer-managed encryption of the dataset — defined in the module).
module "bigquery" {
  source = "../modules/bigquery"

  region           = var.region
  project          = var.project
  service_cloudkms = google_project_service.cloudkms
}